WordPress Plugin Vulnerabilities

AdRotate <= 3.9.4 - clicktracker.php track Parameter SQL Injection

Description

The AdRotate – Ad manager & AdSense Ads WordPress plugin was affected by a clicktracker.php track Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
adrotate
Fixed in 3.9.5

References

CVE
CVE-2014-1854
Exploitdb
31834
URL
https://packetstormsecurity.com/files/#125330/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
b0ca714d-e8cd-43b3-807a-e4a437d76ca8

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-02-11
Title
JS Help Desk < 3.0.2 - Authenticated (Subscriber+) SQL Injection
Published
2024-07-01
Title
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.26 - Unauthenticated SQL Injection via unsubscribe
Published
2024-04-11
Title
Shopping Cart & eCommerce Store < 5.6.4 - Contributor+ SQL Injection
Published
2024-09-16
Title
WPCargo Track & Trace <= 8.0.2 - Unauthenticated SQL Injection
Published
2023-02-06
Title
GigPress <= 2.3.28 - Subscriber+ SQLi